SEC Plans Review Of RIAs, Broker-Dealers For Lax Cybersecurity

The Securities and Exchange Commission’s Office of Compliance Inspections and Examinations issued cybersecurity guidelines Tuesday as it prepares to look at over 50 investment advisors and broker-dealers on the issue, which is gaining increasing prominence at the agency.

Unveiled in an OCIE Risk Alert, the guidelines, and the exams, are designed to focus on cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and funds transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cybersecurity threats.

OCIE said collaboration between the agency and the securities industry is essential to protect investors and the markets from cyber threats.

The guidelines call for advisors to keep track of cybersecurity measures taken to protect hardware, software and data flows.

OCIE also wants advisory firms to prioritize elements of their IT systems for protection based on their sensitivity and business value.

In addition, the SEC unit is encouraging FAs to conduct regular risk assessments to identify cybersecurity threats, vulnerabilities and potential business consequences.

To show the importance the SEC is placing on protection involving remote customer access and funds transfer requests, the agency devotes an entire section of the guidelines to these concerns.

The guidelines also call upon advisors to keep track of how they monitor, detect and respond to cyber intrusions.